guam STARTTLS not working due to invalid CAPABILITIES command answer



  • Since my upgrade to Kolab16, I am no longer able to connect to imap using STARTTLS on 143 (SSL/TLS on 993 works perfectly fine)

    When I telnet to my box, I get the following:

    telnet mail.example.com 143
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 STARTTLS LITERAL+ ID ENABLE SASL-IR LOGINDISABLED] mail Cyrus IMAP unknown-Debian-2.5.12.25-0~kolab1 server ready
    1 CAPABILITY
    * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE URLAUTH URLAUTH=BINARY AUTH=PLAIN AUTH=LOGIN SASL-IR X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
    1 OK Completed
    

    The initial CAPABILITY content (part of the initial OK) is right, but when I issue an additional CAPABILITY request (as does my email client do), I get the answer I would expect after STARTTLS upgrade.

    I tried setting-up a STARTTLS cyrus on 9143 and having guam 143 forward to this cyrus as I read here and there on the internet. Here's what I got:

    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 STARTTLS LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE URLAUTH URLSASL-IR X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE LOGINDISABLED] mail Cyrus IMAP unknown-Debian-2.5.12.25-0~kolab1 server ready
    1 CAPABILITY
    * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE URLAUTH URLAUTH=BINARY AUTH=PLAIN AUTH=LOGIN SASL-IR X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
    1 OK Completed
    

    Somewhat similar, except there is much more capabilities advertised in the initial answer, the following answer still misses STARTTLS or LOGINDISABLED and instead advertises AUTH=PLAIN or AUTH=LOGIN

    This is on debian 9 with kolab16 from http://obs.kolabsys.com/repositories/Kolab:/16/Debian_9.0/ and guam version 0.9.4-13


Log in to reply